<?xml version="1.0"?> <interfaceDefinition> <node name="vpn"> <children> <node name="openconnect" owner="${vyos_conf_scripts_dir}/vpn_openconnect.py"> <properties> <help>SSL VPN OpenConnect, AnyConnect compatible server</help> <priority>901</priority> </properties> <children> <node name="authentication"> <properties> <help>Authentication for remote access SSL VPN Server</help> </properties> <children> <leafNode name="mode"> <properties> <help>Authentication mode used by this server</help> <valueHelp> <format>local</format> <description>Use local username/password configuration</description> </valueHelp> <valueHelp> <format>radius</format> <description>Use RADIUS server for user autentication</description> </valueHelp> <constraint> <regex>(local|radius)</regex> </constraint> <completionHelp> <list>local radius</list> </completionHelp> </properties> </leafNode> <node name="local-users"> <properties> <help>Local user authentication for SSL VPN server</help> </properties> <children> <tagNode name="username"> <properties> <help>User name for authentication</help> </properties> <children> <leafNode name="disable"> <properties> <help>Option to disable a SSL VPN Server user</help> <valueless /> </properties> </leafNode> <leafNode name="password"> <properties> <help>Password for authentication</help> </properties> </leafNode> </children> </tagNode> </children> </node> #include <include/radius-server.xml.i> <node name="radius"> <children> <leafNode name="timeout"> <properties> <help>Session timeout</help> <valueHelp> <format>1-30</format> <description>Session timeout in seconds (default: 2)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-30"/> </constraint> <constraintErrorMessage>Timeout must be between 1 and 30 seconds</constraintErrorMessage> </properties> <defaultValue>2</defaultValue> </leafNode> </children> </node> </children> </node> <node name="listen-ports"> <properties> <help>SSL Certificate, SSL Key and CA (/config/auth)</help> </properties> <children> <leafNode name="tcp"> <properties> <help>tcp port number to accept connections (default: 443)</help> <valueHelp> <format>1-65535</format> <description>Numeric IP port (default: 443)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-65535"/> </constraint> </properties> <defaultValue>443</defaultValue> </leafNode> <leafNode name="udp"> <properties> <help>udp port number to accept connections (default: 443)</help> <valueHelp> <format>1-65535</format> <description>Numeric IP port (default: 443)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-65535"/> </constraint> </properties> <defaultValue>443</defaultValue> </leafNode> </children> </node> <node name="ssl"> <properties> <help>SSL Certificate, SSL Key and CA (/config/auth)</help> </properties> <children> <leafNode name="ca-cert-file"> <properties> <help>Certificate Authority certificate</help> <completionHelp> <script>ls /config/auth</script> </completionHelp> <valueHelp> <format>file</format> <description>File in /config/auth directory</description> </valueHelp> <constraint> <validator name="file-exists" argument="--directory /config"/> </constraint> </properties> </leafNode> <leafNode name="cert-file"> <properties> <help>Server Certificate</help> <valueHelp> <format>file</format> <description>File in /config/auth directory</description> </valueHelp> <constraint> <validator name="file-exists" argument="--directory /config"/> </constraint> </properties> </leafNode> <leafNode name="key-file"> <properties> <help>Privat Key of the Server Certificate</help> <valueHelp> <format>file</format> <description>File in /config/auth directory</description> </valueHelp> <constraint> <validator name="file-exists" argument="--directory /config"/> </constraint> </properties> </leafNode> </children> </node> <node name="network-settings"> <properties> <help>Network settings</help> </properties> <children> <leafNode name="push-route"> <properties> <help>Route to be pushed to the client</help> <valueHelp> <format>ipv4net</format> <description>IPv4 network and prefix length</description> </valueHelp> <valueHelp> <format>ipv6net</format> <description>IPv6 network and prefix length</description> </valueHelp> <constraint> <validator name="ip-prefix"/> </constraint> <multi/> </properties> </leafNode> <node name="client-ip-settings"> <properties> <help>Client IP pools settings</help> </properties> <children> <leafNode name="subnet"> <properties> <help>Client IP subnet (CIDR notation)</help> <valueHelp> <format>ipv4net</format> <description>IPv4 address and prefix length</description> </valueHelp> <constraint> <validator name="ipv4-prefix"/> </constraint> <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage> </properties> </leafNode> </children> </node> <node name="client-ipv6-pool"> <properties> <help>Pool of client IPv6 addresses</help> </properties> <children> <leafNode name="prefix"> <properties> <help>Pool of addresses used to assign to clients</help> <valueHelp> <format>ipv6net</format> <description>IPv6 address and prefix length</description> </valueHelp> <constraint> <validator name="ipv6-prefix"/> </constraint> </properties> </leafNode> <leafNode name="mask"> <properties> <help>Prefix length used for individual client</help> <valueHelp> <format><48-128></format> <description>Client prefix length (default: 64)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 48-128"/> </constraint> </properties> <defaultValue>64</defaultValue> </leafNode> </children> </node> #include <include/accel-name-server.xml.i> </children> </node> </children> </node> </children> </node> </interfaceDefinition>